Questions tagged [password-encryption]

Password encryption is the act of securing a password with another password. If your intent is to use passwords for authentication (e.g. for logins), you should look at password hashing instead of encryption. Use this tag for questions about how, or better still whether, to encrypt passwords.

A critical but non-technical problem with password encryption is that legal non-repudiability of transactions is lost, because it ceases to be true that only the password holder could have executed the transaction. This alone should be enough to disqualify password encryption from use almost anywhere.

1091 questions

1343 votes, 26 answers

How should I ethically approach user password storage for later plaintext retrieval?

As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the…
Shane

37 votes, 3 answers

Salt and hashing, why not use username?

I must confess to being largely ignorant on most of the high-tech security issues relevant for web applications, but there is one thing I at least thought I could ask because it is a direct question with (hopefully) a concrete answer. Take this…
Lasse V. Karlsen

27 votes, 1 answer

Why is the output of werkzeug's `generate_password_hash` not constant?

When I run werkzeug.security.generate_password_hash("Same password") (docs) multiple times, the output is different each time. What am I doing wrong? Why is it not constant?
Shankar ARUL

26 votes, 4 answers

How to hash password in play framework (maybe with BCrypt)

I'm a bit new to play framework and password hashing. I tried to find some solutions for hashing my passwords and I found BCrypt. Do you think that's good enough for hashing passwords? And if it's good, how can I get it working in the play framework?…

24 votes, 4 answers

Hashing a SecureString in .NET

In .NET, we have the SecureString class, which is all very well until you come to try and use it, as to (for example) hash the string, you need the plaintext. I've had a go here at writing a function that will hash a SecureString, given a hash…
Mark Raymond

22 votes, 1 answer

Call to undefined function password_hash()

I am running php version 5.4.16 on localhost right now, while I am developing my site. I want to use password_hash(), but I keep getting this error: Fatal error: Call to undefined function password_hash() in /dir/to/file.php on line 123 Why is…

22 votes, 5 answers

Using encoded password for the datasource used in spring applicationContext.xml

I want to keep an encoded password in my below-mentioned springApplicationContext.xml. Is there any way to achieve this? Presently I have configured all properties using property-placeholder as shown below, but the raw password is still open in my…

19 votes, 4 answers

Password to key function compatible with OpenSSL commands?

For example, the command: openssl enc -aes-256-cbc -a -in test.txt -k pinkrhino -nosalt -p -out openssl_output.txt outputs something like: key = 33D890D33F91D52FC9B405A0DDA65336C3C4B557A3D79FE69AB674BE82C5C3D2 iv =…
Tudor

17 votes, 2 answers

The proper way of implementing user login system

I want to make a user login system for the purpose of learning. I have several questions. I did some research and found that the proper way of implementing a user login system is to store the user name/id and the encrypted/hashed version of the…
Joey

17 votes, 6 answers

Password encryption with Spring/Hibernate - Jasypt or something else?

In a Java application stack with Spring & Hibernate (JPA) in the Data Access Layer, what are good methods of applying the password encryption (hopefully using annotations), and where can you find out more about getting it done (tutorial, etc)? It's…
stevedbrown

16 votes, 1 answer

Best way encrypt password php (in 2017)

In my website I use md5 to encrypt user passwords in my database (and to store the user session): $pswUser = md5($_POST["password"]); But I have just been told that this way of encrypting has become obsolete. I did some research to find out how to do it but…
Rocstar

16 votes, 1 answer

Generate a 10-digit TOTP password with a certain key

This problem is related to TOTP as specified in RFC6238 here: https://tools.ietf.org/html/rfc6238#section-1.2. I am to implement the RFC6238 to generate a 10-digit TOTP password, which will be used in a POST request later on. The sample input and…

16 votes, 2 answers

How do I encrypt passwords with PostgreSQL?

I have some problems with encoding passwords. How can I do it? Type of encoding md5 digest(data text, type text) returns bytea; CREATE OR REPLACE FUNCTION md(bytea) returns text AS $$ SELECT encode(digest($1, 'sha1'), 'md5') $$ LANGUAGE SQL…
Karen Manukyan

16 votes, 5 answers

Best practice for storing usernames & password in MySQL Databases

Possible Duplicate: Secure hash and salt for PHP passwords. I am making a system that stores user credentials (email, username and password) in a MySQL database and have seen conflicting views on using encryption, salting and encryption…
Phil Young

15 votes, 1 answer

mvn --encrypt-master-password : Good practice for choosing ? Which level of privacy should it be?

I am learning to use maven password encryption capabilities and I would like to know how to choose the parameter . There are two things that I don't understand: 1) mvn --encrypt-master-password foobar will always give a different encrypted…